AZ-700: Designing and Implementing Microsoft Azure Networking Solutions Part 8
Question #: 121
Topic #: 2
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
A. Azure Application Gateway v2 that has multiple listeners
B. Azure Standard Load Balancer that has Floating IP enabled
C. Azure Standard Load Balancer that has high availability (HA) ports enabled
D. Azure Application Gateway v2 that has multiple site hosting enabled
Selected Answer: C
Question #: 122
Topic #: 1
SIMULATION
–
Username and password
–
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
–
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
–
You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
To complete this task, sign in to the Azure portal.
Suggestion Answer:
Question #: 123
Topic #: 4
DRAG DROP –
Case Study –
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study –
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview –
Proseware, Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Existing Environment. Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Existing Environment. Network Infrastructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExpressRoute circuit.
SFONet connects to Azure by using a Site-to-Site (S2S) VPN.
Existing Environment. Azure Resources
The Azure subscription contains the virtual networks and subnets shown in the following table.
The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet.
The subscription contains Application Gateway resources shown in the following table.
The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
Planned Changes and Requirements. Planned Changes
Proseware plans to implement the following changes:
• Deploy an Azure Private DNS Resolver named PRDNS1 to HubVNet and link PRDNS1 to SpokeVNet.
• Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNS1.
• Deploy Azure Virtual Network Manager and implement the following rules:
– Allow inbound connections on TCP port 3389 from the on-premises networks to SUBNET-JUMPHOSTS.
– Block inbound connections on TCP port 80 from the internet to SpokeVNet.
• Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
• Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
• Deploy a gateway load balancer named LBGW1 to HubVNet.
• Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
• Ensure that all the traffic to App2 is processed by using FD1.
Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
• Minimize the complexity of the Azure Virtual Network Manager deployment.
• Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.
• Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VPN and their proseware.com credentials.
Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
• Whenever possible, use the internal CA.
• Ensure that all connections routed via APPGW1 use end-to-end encryption.
• Ensure that user connections to Azure-hosted apps use end-to-end encryption.
• Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.
• Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.
• Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.
Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
• Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
• From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
• Whenever possible, minimize administrative effort.
You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Suggestion Answer:
Question #: 124
Topic #: 2
DRAG DROP –
You register a DNS domain with a third-party registrar.
You need to host the DNS zone on Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Suggestion Answer:
Question #: 125
Topic #: 3
You have a website that uses an FQDN of www.contoso.com. The DNS record for www.contoso.com resolves to an on-premises web server.
You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1.
You build the website on Web1.
You plan to configure ContosoFD1 to publish the website for testing.
When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit. (Click the Exhibit tab.)
You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.
Which record should you create in the contoso.com DNS domain?
A. a CNAME record that maps afdverify.www.contoso.com to ContosoFD1.azurefd.net
B. a CNAME record that maps www.contoso.com to ContosoFD1.azurefd.net
C. a CNAME record that maps afdverify.www.contoso.com to afdverify.ContosoFD1.azurefd.net
D. a CNAME record that maps www.contoso.com to Web1.contoso.com
Selected Answer: C
Question #: 126
Topic #: 5
You have an Azure virtual network named VNet1 that contains the subnets shown in the following table.
You need to deploy an Azure application gateway named AppGW1 to VNet1.
To where can you deploy AppGW1?
A. GatewaySubnet only
B. Subnet2 only
C. Subnet1 or Subnet2 only
D. Subnet2 or GatewaySubnet only
E. Subnet1, Subnet2, and GatewaySubnet
Selected Answer: B
Question #: 127
Topic #: 1
HOTSPOT
–
You have an Azure subscription that contains a virtual network gateway named VNetGwy1. VNetGwy1 has a public IP address of 20.25.32.214.
You need to query the health probe of VNetGwy1.
How should you complete the URI? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 128
Topic #: 5
HOTSPOT
–
You have an Azure subscription that contains multiple virtual machine scale sets and multiple Azure load balancers. The load balancers balance traffic across the scale sets.
You plan to deploy Azure Front Door to load balance traffic across the load balancers.
You need to identify which Front Door SKU to configure, and what to use to route the traffic to the load balancers. The solution must minimize costs.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 129
Topic #: 2
HOTSPOT –
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall1 exhibit. (Click the Firewall1 tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Suggestion Answer:
Question #: 130
Topic #: 4
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual machine named VM1 and an Azure firewall named FW1.
You have an Azure Firewall Policy named FP1 that is associated to FW1.
You need to ensure that RDP requests to the public IP address of FW1 route to VM1.
What should you configure on FP1?
A. a network rule
B. URL filtering
C. a DNAT rule
D. an application rule
Selected Answer: C
Question #: 131
Topic #: 3
You have the Azure load balancer shown in the Load Balancer exhibit.
LB2 has the backend pools shown in the Backend Pools exhibit.
You need to ensure that LB2 distributes traffic to all the members of VMSS1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a network interface to VMSS1.
B. Add a load balancing rule.
C. Configure a health probe.
D. Add a public IP address to each member of VMSS1.
Selected Answer: BC
Question #: 132
Topic #: 4
HOTSPOT
–
You have an Azure application gateway named AppGw1.
You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to https://www.contoso.com/buy.aspx?category=fashion&product=shirts.
How should you complete the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 133
Topic #: 1
HOTSPOT –
You have an on-premises datacenter.
You have an Azure subscription that contains 10 virtual machines and a virtual network named VNet1 in the East US Azure region. The virtual machines are connected to VNet1 and replicate across three availability zones.
You need to connect the datacenter to VNet1 by using ExpressRoute. The solution must meet the following requirements:
• Maintain connectivity to the virtual machines if two availability zones fail.
• Support 1000-Mbps connections.
• Minimize costs.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 134
Topic #: 5
Case Study –
Overview –
Proseware, Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Existing Environment. Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Existing Environment. Network Infrastructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExpressRoute circuit.
SFONet connects to Azure by using a Site-to-Site (S2S) VPN.
Existing Environment. Azure Resources
The Azure subscription contains the virtual networks and subnets shown in the following table.
The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet.
The subscription contains Application Gateway resources shown in the following table.
The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
Planned Changes and Requirements. Planned Changes
Proseware plans to implement the following changes:
• Deploy an Azure Private DNS Resolver named PRDNS1 to HubVNet and link PRDNS1 to SpokeVNet.
• Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNS1.
• Deploy Azure Virtual Network Manager and implement the following rules:
– Allow inbound connections on TCP port 3389 from the on-premises networks to SUBNET-JUMPHOSTS.
– Block inbound connections on TCP port 80 from the internet to SpokeVNet.
• Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
• Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
• Deploy a gateway load balancer named LBGW1 to HubVNet.
• Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
• Ensure that all the traffic to App2 is processed by using FD1.
Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
• Minimize the complexity of the Azure Virtual Network Manager deployment.
• Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.
• Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VPN and their proseware.com credentials.
Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
• Whenever possible, use the internal CA.
• Ensure that all connections routed via APPGW1 use end-to-end encryption.
• Ensure that user connections to Azure-hosted apps use end-to-end encryption.
• Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.
• Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.
• Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.
Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
• Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
• From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
• Whenever possible, minimize administrative effort.
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements.
What should you do first?
A. From Azure Virtual Network Manager, create a security admin configuration.
B. From Azure Virtual Network Manager, create a network group that has Member type set to Subnet.
C. Add a route table to SUBNET-PE.
D. Enable a network policy for SUBNET-PE.
Selected Answer: D
Question #: 135
Topic #: 3
You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet 1
• A route in RT1 that sends 0.0.0.0/0 to FW1
After deploying 10 servers that run Windows Server to Subnet 1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
A. On FW1, configure a DNAT rule for port 1688.
B. Deploy an application security group that allows outbound traffic to 1688.
C. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
D. On FW1, create an outbound service tag rule for Azure Cloud.
Selected Answer: C
Question #: 136
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 137
Topic #: 5
DRAG DROP –
You have an Azure subscription that contains the resources shown in the following table.
You discover that users connect directly to App1.
You need to meet the following requirements:
• Administrators must only access App1 by using a private endpoint.
• All user connections to App1 must be routed through FD1.
• The downtime of connections to App1 must be minimized.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Suggestion Answer:
Question #: 138
Topic #: 4
HOTSPOT –
You have an Azure subscription that contains 200 virtual machines.
You need to use Azure Network Watcher to identify which virtual machines generate the most network traffic. The solution must minimize administrative effort.
Which prerequisites should you deploy for Network Watcher, and which Network Watcher feature should you use to identify the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 139
Topic #: 1
You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table.
All the virtual machines are connected to VNet1.
You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address.
What should you use?
A. an internal load balancer
B. Azure Application Gateway
C. a NAT gateway
D. a public load balancer
Selected Answer: D
Question #: 140
Topic #: 3
You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing “string1” to https://www.contoso.com/redirect1. Policy1 is associated to Frontend1.
You need to configure additional redirection settings. Requests to Frontend1 that have a header containing “string2” must be redirected to https://www.contoso.com/redirect2.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a custom rule.
B. Create a policy.
C. Create a frontend host.
D. Configure a managed rule.
E. Add a custom rule to Policy1.
F. Create an association.
Selected Answer: AEF
Question #: 141
Topic #: 2
You have an Azure subscription that contains the virtual networks shown in the following table.
You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?
A. Vnet1 and Vnet4 only
B. Vnet1, Vnet2, Vnet3, and Vnet4
C. Vnet1 only
D. Vnet1 and Vnet2 only
E. Vnet1, Vnet2, and Vnet4 only
Selected Answer: C
Question #: 142
Topic #: 2
HOTSPOT
–
You have two Azure App Service instances that host the web apps shown in the following table.
You deploy an Azure Application Gateway v2 that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 143
Topic #: 4
SIMULATION
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
• Has an IP address from the address range of 10.1.255.0/24
• Uses a new Premium firewall policy named FW-policy1
• Routes traffic directly to the internet
To complete this task, sign in to the Azure portal.
Suggestion Answer:
Question #: 144
Topic #: 1
Case Study –
Overview –
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment –
Hybrid Environment –
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment –
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.
A diagram of the resources in the East US Azure region is shown in the Azure Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Network Diagram –
Requirements –
Business Requirements –
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements –
Litware identifies the following virtual networking requirements:
• Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
• Ensure that the records in the cloud.litwareinc.com zone can be resolved from the on-premises locations.
• Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
• Minimize the size of the subnets allocated to platform-managed services.
• Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements –
Litware identifies the following hybrid networking requirements:
• Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
• Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
• The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
• Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements –
Litware identifies the following networking requirements for platform as a service (PaaS):
• The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
• The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. On the peering from Vnet1, select Allow for Traffic forwarded from remote virtual network.
B. On the peerings from Vnet2 and Vnet3, select Allow for Traffic forwarded from remote virtual network.
C. On the peering from Vnet1, select Use the remote virtual network’s gateway or Route Server.
D. On the peering from Vnet1, select Allow for Traffic to remote virtual network.
E. On the peerings from Vnet2 and Vnet3, select Use the remote virtual network’s gateway or Route Server.
Selected Answer: BE
Question #: 145
Topic #: 3
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region.
You need to configure Azure Traffic Manager to direct users to the instance that has the lowest latency.
Which routing method should you use?
A. geographic
B. weighted
C. priority
D. performance
Selected Answer: D
Question #: 146
Topic #: 5
Your on-premises network contains a DNS server named Server1.
You have an Azure subscription that contains the resources shown in the following table.
The on-premises network is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to ensure that Server1 can resolve the DNS name of storage1. The solution must minimize costs and administrative effort.
What should you use?
A. Azure DNS Private Resolver
B. an Azure public DNS zone
C. an Azure Private DNS zone
D. an Azure virtual machine that hosts a DNS service
Selected Answer: A
Question #: 147
Topic #: 1
HOTSPOT
–
You have an Azure subscription.
You plan to use Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
• Supports 4 Gbps of Site-to-Site (S2S) VPN traffic
• Supports 8 Gbps of ExpressRoute traffic
• Minimizes costs
How many scale units should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 148
Topic #: 4
SIMULATION
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
To complete this task, sign in to the Azure portal.
Suggestion Answer:
Question #: 149
Topic #: 2
Your company has four branch offices and an Azure subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure resources. The solution must meet the following requirements:
• Minimize downtime for all users.
• Minimize administrative effort.
What should you do first?
A. Recreate LNG1.
B. Reset RTR1.
C. Reset Connection1.
D. Reset GW1.
Selected Answer: C
Question #: 150
Topic #: 5
You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1.
You need to ensure that PL1 can support a higher volume of outbound traffic.
What should you do?
A. Increase the number of frontend IP configurations for LB1.
B. Increase the number of NAT IP addresses assigned to PL1.
C. Deploy an Azure Application Gateway v2 instance to the source NAT subnet.
D. Redeploy LB1 with a different SKU.
Selected Answer: B
Question #: 151
Topic #: 3
Your company has offices in London, Tokyo, and New York.
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.
In Asia, you plan to deploy an additional endpoint that will host an updated version of App1.
You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testing.
What should you configure in Traffic Manager?
A. two profiles and five endpoints
B. two profiles and four endpoints
C. three profiles and four endpoints
D. one profile and five endpoints
Selected Answer: A
Question #: 152
Topic #: 4
SIMULATION
–
You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.
To complete this task, sign in to the Azure portal.
Suggestion Answer:
Question #: 153
Topic #: 2
DRAG DROP –
You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1.
You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2.
You need to provide VM1 with access to SQL1 by using an Azure Private Link service.
What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 154
Topic #: 3
HOTSPOT –
You configure a route table named RT1 that has the routes shown in the following table.
You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.
You have the resources shown in the following table.
Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:
• 0.0.0.0/0
• 10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Suggestion Answer:
Question #: 155
Topic #: 1
DRAG DROP
–
You have an on-premises network.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway.
You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Suggestion Answer:
Question #: 156
Topic #: 5
You have an on-premises network named Site1.
You have an Azure subscription that contains a virtual network named VNet1 and a storage account named storage1.
Site1 and VNet1 are connected by using a Site-to-Site (S2S) VPN.
You need to ensure that the servers in Site1 can connect to storage1 by using the S2S VPN. The solution must minimize administrative effort.
What should you create on VNet1?
A. an Azure application gateway
B. an Azure Private Link service
C. a service endpoint
D. a private endpoint
Selected Answer: D
Question #: 157
Topic #: 5
HOTSPOT –
You have an Azure subscription that contains the resources shown in the following table.
You need to restrict access to storage1 and sql1 by using service endpoints. The solution must meet the following requirements:
• Allow access from Subnet1 to SQLDB1.
• Implement service endpoint policies to restrict access to supported resources.
• Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region.
What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggestion Answer:
Question #: 158
Topic #: 3
HOTSPOT –
You have an Azure subscription. The subscription contains virtual machines that host websites as shown in the following table.
You have the Azure Traffic Manager profiles shown in the following table.
You have the endpoints shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Suggestion Answer:
Question #: 159
Topic #: 2
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an Azure Virtual Network NAT gateway named Gateway1. The solution must meet the following requirements:
• VM1 will access the internet by using its public IP address.
• VM2 will access the internet by using its public IP address.
• Administrative effort must be minimized.
You need to ensure that you can deploy Gateway1 to Vnet1.
What is the minimum number of subnets required on Vnet1?
A. 2
B. 3
C. 4
D. 5
Selected Answer: C
Question #: 160
Topic #: 4
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 that is associated with each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NSG1 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
• Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
• Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
A. an application security group
B. a service tag
C. a virtual network
D. an IP address
Selected Answer: A